When you have a series of test cases in a script using an “assert” will halt the test run when it encounter a failure. On the other hand with a “verify” command it will continue to run and log the rest of the tests regardless of failures.
So the choice really dependent on the function you are testing. For example, if you have an email submission form and you want to test that the data verification module works for each input then you can test each input and just return the fail/pass results. Here you will use a verify statement.
But if on the same email submission form if you are testing the email submission functionality then if the first field, lets say, First name is not functioning properly then there is no point in testing the rest of the submission process, Here you will use an assert.
In practice however you use a combination of both. The Selenium documentation gives details of how this is done here.
While the terms a seem similar and in a certain way they are because they both test the integrity of the application “Security Testing” is and umbrella terms for all forms of testing done on an application to test whether the data that is in the system has the necessary protections (is it encrypted, can it be accessed by incorrect logins, etc. “Penetration testing” on the other hand is a specific secutiry test technique which is a black-box testing technique done to determine whether the system or network is protected from malicious sources. These are primaily to see if the network or system if susceptible to DDOS attacks, or whether there are open ports on the network that can be used to access server information, etc.
Selenium does not have the capability to automate captchas. This must be done manually by the tester. Ideally during the test period the tester should collaborate with the development team to disable the captcha temporarily so that the tests could be run unsupervised.